Bart Silverstrim bsilver at chrononomicon.com
Thu May 27 13:32:03 PDT 2004

On May 27, 2004, at 3:49 PM, Vince Hoffman wrote:

> I'm using it to store posix and samba users, handles XP and 2k
> authentication fine (dont have any 9x on the network,) All i'm doing is
> runing a samba PDC for a small network, and am using ldap as it means  
> its
> easy to have a BDC if needed and using pam_ldap and nss_ldap i can
> centralise my user database, anything that supports pam authentication  
> is
> authenticated again it (ie. the external ftp site, uw-imap, smtp auth
> (sasl2 using pam) and shell logins where needed, as well as the  
> internal
> windows domain, (xp and 2k workstations, samba servers))
> If your interested who uses samba and how many users  then look here
> http://samba-survey.sernet.de/commit.html? 
> action=sort&order=file_sharing_clients&dir=desc&index=0

Maybe I'm approaching this the wrong way then.

I have multiple locations (VPN connected) with Windows2000/Win9x  
clients.  I need them to authenticate username/password pairs.

I wanted to use LDAP so that I could also eventually use the same  
directory for a new email server to use as an authentication backend.   
Depending on how the project would go, I'd like to have directory  
lookups also work from this in email clients (in-house mail directory,  
information on what room a staff member is based in, etc.)

Basically a central repository of directory information.

I would like to get some information like membership attributes...i.e.,  
Bob is a member of "administrators".  Sue is a member of  
"ourbuilding_secretaries", and Alanis is also a member of  
"building2_secretaries", so I can set share permissions on Samba for  
common sharepoints.

Would a better approach be to have Samba set up on these authentication  
servers, pointing to an LDAP backend?  FreeBSD can use PAM easily?   
(I've had to jump into Linux authentication for a RADIUS project many  
moons ago, but haven't had to reconfigure anything regarding  
authentication under FreeBSD before...please forgive the naivety :-)   
Is there a way to have LDAP also handling the memberships, etc. for the  
NT machines to understand the memberships for authorization of access  
to shares, etc...so that it would be easy to spread this out to cache  
machines in other buildings?  If it can all be handled via LDAP, I  
hoped slurpd would be all that's necessary on a set of SAMBA servers to  
keep our databases in sync in each building...

More information about the freebsd-questions mailing list